config: yaml: fix double-free from freeing state before cleanup on exit. #10199

Merged
merged 1 commit into from
Apr 16, 2025

pwhelan
Contributor

@pwhelan pwhelan commented Apr 10, 2025

Summary

Fix double frees when an error occurs when parsing yaml configuration files, especially with missing include files.

Description

Remove calls to state_destroy on error when it will be cleaned up at the end of the function that parses the yaml configuration.

This fix is meant to address CVE-2025-29477. This is mostly to just encourage code cleanliness.


Enter [N/A] in the box, if an item is not applicable to your change.

Testing
Before we can approve your change; please submit the following in a comment:

  • Example configuration file for the change
  • Debug log output from testing the change
  • Attached Valgrind output that shows no leaks or memory corruption was found

If this is a change to packaging of containers or native binaries then please confirm it works for all targets.

  • Run local packaging test showing all targets (including any new ones) build.
  • Set ok-package-test label to test for all targets (requires maintainer to do).

Documentation

  • Documentation required for this feature

Backporting

  • Backport to latest stable release.

Fluent Bit is licensed under Apache 2.0, by submitting this pull request I understand that this code will be released under the terms of that license.

remove calls to state_destroy on error when it will be cleaned up at the end
of the function that parses the yaml configuration.

Signed-off-by: Phillip Whelan <[email protected]>
@pwhelan
Contributor Author

pwhelan commented Apr 10, 2025

I am attaching here a valgrind.log that also shows memory that main is not deallocating but which falls out of scope for this PR.

valgrind.log

@edsiper
Member

edsiper commented Apr 16, 2025

thanks.

note that prefix must be: config_format: yaml: ...

@edsiper edsiper merged commit 7636151 into master Apr 16, 2025
58 checks passed
@edsiper edsiper deleted the pwhelan-fix-cf-yaml-state-double-free branch April 16, 2025 15:45
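
The ownership rule described in this pull request, shown as an added example that is not part of the PR or of Fluent Bit's code: a helper that releases the state on error plus a caller that releases it again at its exit gives two releases, while leaving cleanup to the caller gives one. `struct state`, `read_include`, `parse_config`, `count_double_frees` and the file names are hypothetical; `state_destroy` borrows its name from the description but is a stand-in that counts a repeated release instead of freeing heap memory, so the "before" path can run safely.

```c
#include <string.h>

/* Hypothetical model of the parser state; names are not Fluent Bit's. */
struct state { int live; const char *file; };

static int double_frees;   /* destroys of an already-released state */

/* Stand-in for a heap release: a repeat is counted, where free() would corrupt. */
static void state_destroy(struct state *s)
{
    if (!s->live) {
        double_frees++;
        return;
    }
    s->live = 0;
}

/* Constructed failure: an include named "missing.yaml" cannot be read. */
static int read_include(struct state *s, int destroy_on_error)
{
    if (strcmp(s->file, "missing.yaml") == 0) {
        if (destroy_on_error) {
            state_destroy(s);   /* "before": error path releases the state */
        }
        return -1;              /* "after": only report the error */
    }
    return 0;
}

/* The caller owns the state and releases it once at its single exit. */
static int parse_config(const char *file, int destroy_on_error)
{
    struct state s = { 1, file };   /* stack object models the allocation */
    int ret = read_include(&s, destroy_on_error);
    state_destroy(&s);              /* cleanup at end of function */
    return ret;
}

/* Number of repeated destroys that one parse of `file` triggers. */
int count_double_frees(const char *file, int destroy_on_error)
{
    double_frees = 0;
    parse_config(file, destroy_on_error);
    return double_frees;
}
```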